Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science

A Secure Computing Environment

advertisement 
International Journal of Engineering Research and General Science Volume 3, Issue 2, Part 2, March-April, 2015
ISSN 2091-2730
A Secure Computing Environment
Avantika Dhavale1, Aditi Halgekar2, Snehal Wayse3, Pavan Kulkarni4
Students, Computer Department, Trinity College of Engineering, Pune.
4
Professor, Department of Computer Engineering, Trinity College of Engineering, Pune.
Contact Email- avantika.dhavale@gmail.com Contact number- 7387709896
123
Abstract
With the advent of various attack vectors on various computing devices, it is vital that we design a secure computing environment
which would be resilient to such said attacks. However, there is always a tradeoff between securing a device and incorporating various
functionalities into the device to make it more versatile. The more we secure a device, the tougher it becomes to add ad-hoc features to
it. Moreover, this tradeoff is very subjective to the needs at hand. It is incumbent on the administrator of the said device to manage the
tradeoff between securing the device and providing diverse functionality. In this paper, we describe our approach to securing a
computing environment and explain our rationale. This would be of course one of the multiple layers of security with which we would
secure the device.
Keywords— White-list, Hardened OS, environment, locked down OS, REL-ID,.
INTRODUCTION
A security system identifies and mitigates the system vulnerabilities, by either removing them, or restricting access to them, to a very
small group. The competition between inventing new security measures to protect data and inventing hacking techniques in
conjunction with discovering and leveraging pre existing vulnerabilities is infinite. Therefore, securing data and resources is becoming
more and more challenging day by day.
Nevertheless, there exist several different techniques to secure the data being transferred over a network and also that on a user
machine. Uniken India Pvt. Ltd. specializes in securing data in motion through the use of the patented REL-ID based mutual
authentication scheme.
SSL is one such tool to secure data sent over a network, using cipher text. Using SSL data is kept confidential and message integrity is
maintained. However, recently there have been network security breaches, including the famous “HEARTBLEED” bug.
But, the question that remains is “what if the user machine itself is hacked?” REL-ID by Uniken India Pvt. Ltd. can be used to ensure
that the end user is secured as well as the tunnel. It also uses techniques of authentication to assure to each end user that it is
communicating with an authorized user and not a fake one.
Such security measures are used to secure data in motion, meaning data that has been shared between computers. They may prove to
be of minimum value, if the operating system on which it resides is compromised. It is therefore crucial to understand and remove the
security flaws in the operating system itself. We, on the other hand, are trying to secure data at rest, by coming up with various
approaches, one of which is application white listing.
In this paper, we will discuss ways to do this in the Linux Ubuntu operating system. Firstly, we try to harden the operating system.
Hardening is a technique to reduce vulnerabilities of the existing operating system. It aims to eliminate security risks in an operating
system. This is done by turning off all those services of the operating system which are not used or are risky and allowing only those
which are secure for users data. Thus, this environment becomes a kind of locked down or reduce version of a fully fledged operating
system.
While the services which are "turned off" in hardening may be useful or beneficial in some or other way, if through their use there use
there exist back-doors to the system they must be shut down. Operating system hardening is a technique which allows us a security on
the machine level. A hardened operating system can be considered as a smaller version of an otherwise compromised operating
system.
Secondly, we implement a technique called as application white-listing. It is the technique of preparing a list of all applications that
are safe to execute. All applications that excluded from this list are disallowed to spawn.
284
www.ijergs.org
International Journal of Engineering Research and General Science Volume 3, Issue 2, Part 2, March-April, 2015
ISSN 2091-2730
RELATED WORK
In our research related to data security we have discovered many ways to secure a transaction over a network. This
research has led to an understanding of topics like PGP,PKI, various encryption algorithms like RSA,SSL. We also
studied about significant ways to provide security to the end system.
Rel-Id, developed by Uniken India Pvt Ltd is one such infrastructure to secure the end system. This system along with an
application is currently being used for various banking systems. In this in client server architecture both the client as well
as the server are assured of the identity of the end system they are talking to. However, no matter how secure the
application is, if the operating system is compromised in some or the other manner, there exist a constant threat of the data
being watched or stolen or hacked.
Figure 1: Secure Tunnel but Insecure End Point
METHODS
Hardening
For operating system hardening we may try to reformat the operating system and install only those parts of the operating
system which are required for the users program to run. Hence hardening is depend upon the particular application for
which it was done in the first place.
We may also consider disabling guest login as an added security measure. This is done because even if the guest user is
not authorized, some kinds of penetration are always possible.
Also we may consider turning off services such as resource sharing, file sharing, printer sharing.
Whitelisting
In white-listing all applications that are found to be suspicious, or might be containing possible back-doors are denied
permission to execute. This minimizes the threats to operating system.
This may start by preparing a list of names of applications which are safe to execute and checking the name of each
spawned application against this list. If a match occurs we need not take any action. If the application name does not
match with any of the supposed white-listed application, it is killed immediately. On a higher level, it should not be
allowed to spawn in the first place.
285
www.ijergs.org
International Journal of Engineering Research and General Science Volume 3, Issue 2, Part 2, March-April, 2015
ISSN 2091-2730
RESULT AND DISCUSSION
As a result of the implementation of the above mentioned methods, we obtain a secure environment, which the user may
trust for handling of confidential data. This environment can be depicted by the following figure
Figure 2: A secure environment
Examining the results of above mentioned methods, it became clear that unwanted applications and services of an
operating system can indeed be stopped from exploiting the vulnerabilities of a system. If the operating system is in fact
vulnerable to malicious applications, these methods can definitely provide a way to reduce these vulnerabilities.
CONCLUSION
Examining the results of above mentioned methods, it became clear that unwanted applications and services of an
operating system can indeed be stopped from exploiting the vulnerabilities of a system. If the operating system is in fact
vulnerable to malicious applications, these methods can definitely provide a way to reduce these vulnerabilities.
ACKNOWLEDGMENT
First of all, we would like to thank our guide, Prof. Pavan Kulkarni, for the motivation and guidance that he has provided
us. Secondly, we thank our head, Mr. Vamshi Krishna Ramaka for his help and support. Finally, we thank our friends
Miss Mehak Daftari, Miss Vrushali Deshpande, and Mt. Delwin John for their timely help and assistance.
.
REFERENCES:
[1] Chunxiao Li, Anand Raghunathan, and Niraj K. Jha, “A secure user interface for web applications running under untrusted
oerating system” 10th IEEE International Conference on Computer and Information Technology, 2010.
[2] Uniken Systems Pvt Ltd, http://www.uniken.com/relid-platform”
[3] Bei Guan, Yanjun Wu, Yongji Wang, “A novel security scheme for online banking based on virtual machine”, IEEE Sixth
International Conference on software security and reliability companion, 2012.
[4] Daojing He, Sammy Chan, Yan Zhang, Mohsen Guizani, Chun Chen, Jiajun Bu, “An enhanced public key infrastructure to secure
smart grid wireless communication networks”, IEEE Network, January-February 2014.
[5]Xiongwei Xie, Weichao Wang, “Rootkit Detection on virtual machines through deep information extraction at hypervisor-level”,
4th International Workshop on Security and Privacy in Cloud Computing, 2013.
[6] Ngangbam Herojit Singh, A. Kayalvizhi, “Combining Cryptographic Primitives to Prevent Jamming Attacks in Wireless
Networks”
286
www.ijergs.org
International Journal of Engineering Research and General Science Volume 3, Issue 2, Part 2, March-April, 2015
ISSN 2091-2730
[7] Khoa Dang Pham, Abhishek kumar Jain, Jin Cui, Suhaib A. Fahmy, Douglas L. Maskell, “Microkernel Hypervisor for a Hybrid
ARM-FPGA Platform”, IEEE, 2013.
[8] Chunxiao Li, Anand Raghunathan, and Niraj K. Jha, “A Trusted Virtual Machine in an Untrusted Management Environment”,
IEEE Transactions on services computing, Vol. 5, No. 4, October-December 2012.
[9] Sujit Sanjeev, Jatin Lodhia, Raghunathan Srinivasan, Partha Dasgupta, “Protecting cryptographic keys on client platforms using
virtualization and raw disk image access”, IEEE International Conference on Privacy, Security, Risk and Trust, And IEEE
International Conference on Social Computing, 2011.
[10] VMware Player, http://www.vmware.com/products/player, 2012.
[11] T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D.
Boneh, “Terra: A Virtual Machine-Based Platform for
Trusted Computing,” Proc. ACM Symp. Operating
Systems Principles, pp. 193-206, Oct. 2003.
[12] J. Yang and K.G. Shin, “Using Hypervisor to Provide
Data Secrecy for User Applications on a Per-Page Basis,” Proc. ACM Int’l Conf. Virtual Execution Environments, pp. 71-80, Mar.
2008.
[13] Sujit Sanjeev, Jatin Lodhia, Raghunathan Srinivasan, Partha Dasgupta, ” Protecting cryptographic keys on client platforms using
virtualization and raw disk image access” IEEE International Conference on Privacy, Security, Risk, and Trust, and IEEE
International Conference on Social Computing, 2011.
[14] Jan Just Keijser,” OpenVPN 2 Cookbook: 100 simple
and incredibly effective recipes for harnessing the
power of the OpenVPN 2 networks”,Edition 1, published in 2011.
[15] Markus Feilner, Norbert Graf, “Beginning OpenVPN 2.0.9”,Edition 1,published: December 2009.
[16] Pavan Kulkarni, Aditi Halgekar, Avantika Dhavale, Mehak Daftari, Snehal Wayse, “Prototype of Computing Device That Aims
TO Secure User Data on a Compromised O. S. ”, IJSR, Vol. 3, Issue 10, October 2014.
287
www.ijergs.org
Related documents
2010 PPT Slide Template
2010 PPT Slide Template
IEEE (Institute of Electrical and Electronic Engineers): Number
IEEE (Institute of Electrical and Electronic Engineers): Number
J. Lauletta
J. Lauletta
CSCD 439/539 Guidelines for Survey Paper
CSCD 439/539 Guidelines for Survey Paper
IEEE R10 HTA Outstanding Section Award
IEEE R10 HTA Outstanding Section Award
Advanced Optical Sensing Using Laser Modulation Spectropscopy for
Advanced Optical Sensing Using Laser Modulation Spectropscopy for
Advanced Computer Graphics and Multimedia Assignment Questions
Advanced Computer Graphics and Multimedia Assignment Questions
IEEE FELLOW GRADE NOMINATION FORM B
IEEE FELLOW GRADE NOMINATION FORM B
Download
advertisement